The Volunteer Service Abroad organization was the victim of a ransomware attack last week. Photo / Getty Images
The Volunteer Service Abroad organization has been banned from its IT systems and demanded a ransom following a cyberattack last week.
In a statement from volunteer agency chief executive Stephen Goodman to approximately 5,000 people associated with VSA, he said a ransomware attack had been detected and
a “criminal group” demanded a ransom.
This follows what has been described as the biggest cyberattack in New Zealand history on the Waikato District Health Board this week, which crippled DHB’s healthcare supply.
Goodman’s statement said the attack on VSA was carried out by a different criminal group than the one targeting Waikato DHB.
“A ransom has been demanded, which we don’t have and will not pay,” Goodman said.
“At this early stage of the recovery process, we believe there is no breach of the personal information held with us.”
He believed that the main motivation of the group was “to get money”.
“A recent IT security review had been undertaken and we believed our security systems were appropriate.
“However, cyber attacks are now more and more sophisticated and we have unfortunately been targeted.”
VSA coordinated the volunteers and linked them to projects in 11 Pacific countries. Speaking to the Herald this afternoon, Goodman described how the attack locked VSA staff from a database with extensive information and historical files.
When the attack occurred, Goodman said a message appeared on screen – allegedly from the culprits – referring to the attack and asking to speak.
Goodman said he had no intention of interacting with those responsible and didn’t know how much money they wanted.
Following the attack, VSA engaged with a New Zealand cybersecurity organization that Goodman did not name for business reasons. VSA also investigated how the system was accessible and if there were any implications for people’s information.
He called the incident an “inconvenience” for the organization, as the information now locked had to come from other means. Goodman was reluctant to give details of what specific information attackers might have, describing it as “standard enterprise exploitation files.”
However, he repeatedly pointed out that the cybersecurity organization had found no evidence that personal information was at risk.
He was aware that the attack could be troubling for those associated with VSA and encouraged them to contact ID Care, an international identity and cybersecurity support service, on 0800 121 068 or www.idcare.org for acquire help.
A police spokesperson confirmed that a complaint about the attack had been recorded but had no details to add.
More about this article: Read More
This notice was published: 2021-05-26 04:55:37